vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-06 11:40:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs(release): require tmux for 1password fallback

Browse Source
This commit is contained in:
Peter Steinberger
2026-04-24 18:26:28 +01:00
parent d7e2939791
commit 62adf6349d
2 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.agents/skills/openclaw-release-maintainer/SKILL.md
View File

@@ -345,6 +345,9 @@ node --import tsx scripts/openclaw-npm-postpublish-verify.ts <published-version>
or stale, use the local tmux + 1Password fallback:
- Start or reuse a tmux session so interactive `npm login` and OTP prompts
are observable and recoverable.
- Hard rule: never run `op` directly in the main agent shell during release
work. Any 1Password CLI use must happen inside that tmux session so prompts
and alerts are contained and observable.
- Use the 1Password item `op://Private/Npmjs` for npm credentials and OTP.
Do not print passwords, tokens, or OTPs to the transcript; send them through
tmux buffers, env vars scoped to the tmux command, or `expect` with

5
docs/reference/RELEASING.md
View File

@@ -200,6 +200,11 @@ requires `NPM_TOKEN`, while the public repo keeps OIDC-only publish.
That keeps the direct publish path and the beta-first promotion path both
documented and operator-visible.
If a maintainer must fall back to local npm authentication, run any 1Password
CLI (`op`) commands only inside a dedicated tmux session. Do not call `op`
directly from the main agent shell; keeping it inside tmux makes prompts,
alerts, and OTP handling observable and prevents repeated host alerts.
## Public references
- [`.github/workflows/openclaw-npm-release.yml`](https://github.com/openclaw/openclaw/blob/main/.github/workflows/openclaw-npm-release.yml)